failed to compile using falco-builder container + eBPF

[2rigor]

Hello. I was trying to build using using falco-builder container

1. clone falco and sysdig to /home/user/src/
2. Added -e BUILD_BPF=ON to compilation command and mapped /lib/modules/uname -r/build cmake:

docker run --user $(id -u):$(id -g) -v /etc/passwd:/etc/passwd:ro -e MAKE_JOBS=4 -e BUILD_BPF=ON -it -v /home/user/src:/source -v /home/user/build/falco:/build -v /lib/modules/uname -r/build:/lib/modules/uname -r/build falcosecurity/falco-builder cmake

3. Added -e BUILD_BPF=ON to compilation command and mapped /lib/modules/uname -r/build and ran docker run --user $(id -u):$(id -g) -v /etc/passwd:/etc/passwd:ro -e MAKE_JOBS=4 -e BUILD_BPF=ON -it -v /home/user/src:/source -v /home/user/build/falco:/build -v /lib/modules/uname -r/build:/lib/modules/uname -r/build falcosecurity/falco-builder package

It fails to build ebpf module:

Scanning dependencies of target bpf
[ 55%] Built target docker-local-rule-list_sub_front.yaml
make[3]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
[ 56%] Built target docker-local-rule-invalid_missing_macro_name.yaml
make[4]: *** /lib/modules/5.0.0-36-generic/build: No such file or directory.  Stop.
make[3]: *** [Makefile:18: all] Error 2
make[2]: *** [driver/bpf/CMakeFiles/bpf.dir/build.make:57: driver/bpf/CMakeFiles/bpf] Error 2
make[1]: *** [CMakeFiles/Makefile2:7203: driver/bpf/CMakeFiles/bpf.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....
[ 58%] Built target catch2
[ 62%] Built target scap
[ 64%] Built target fakeit-external
make: *** [Makefile:150: all] Error 2

Any ideas? Thanks in advance. P.S. If instead of opening an issue I should have done anything different - please tell me

[poiana]

@2rigor: There is not a label identifying the kind of this issue. Please specify it either using /kind <group> or manually from the side menu.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[leodido]

/triage support

[2rigor]

Hello. I was trying to build using using falco-builder container

1. clone falco and sysdig to /home/user/src/
2. Added -e BUILD_BPF=ON to compilation command and mapped /lib/modules/uname -r/build cmake:

docker run --user $(id -u):$(id -g) -v /etc/passwd:/etc/passwd:ro -e MAKE_JOBS=4 -e BUILD_BPF=ON -it -v /home/user/src:/source -v /home/user/build/falco:/build -v /lib/modules/uname -r/build:/lib/modules/uname -r/build falcosecurity/falco-builder cmake

1. Added -e BUILD_BPF=ON to compilation command and mapped /lib/modules/uname -r/build and ran docker run --user $(id -u):$(id -g) -v /etc/passwd:/etc/passwd:ro -e MAKE_JOBS=4 -e BUILD_BPF=ON -it -v /home/user/src:/source -v /home/user/build/falco:/build -v /lib/modules/uname -r/build:/lib/modules/uname -r/build falcosecurity/falco-builder package

It fails to build ebpf module:

Scanning dependencies of target bpf
[ 55%] Built target docker-local-rule-list_sub_front.yaml
make[3]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
[ 56%] Built target docker-local-rule-invalid_missing_macro_name.yaml
make[4]: *** /lib/modules/5.0.0-36-generic/build: No such file or directory.  Stop.
make[3]: *** [Makefile:18: all] Error 2
make[2]: *** [driver/bpf/CMakeFiles/bpf.dir/build.make:57: driver/bpf/CMakeFiles/bpf] Error 2
make[1]: *** [CMakeFiles/Makefile2:7203: driver/bpf/CMakeFiles/bpf.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....
[ 58%] Built target catch2
[ 62%] Built target scap
[ 64%] Built target fakeit-external
make: *** [Makefile:150: all] Error 2

Any ideas? Thanks in advance. P.S. If instead of opening an issue I should have done anything different - please tell me

Not sure if relevant, but:

root@ubuntu107:/home/aa/falco# cat /etc/os-release 
NAME="Ubuntu"
VERSION="18.04.2 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.2 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

root@ubuntu:/home/aa/falco# uname -a
Linux ubuntu107 5.0.0-36-generic #39~18.04.1-Ubuntu SMP Tue Nov 12 11:09:50 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

[2rigor]

Apologize for the mess..

[2rigor]

/kind ebpf_compilation

[fntlnz]

Thanks for opening 2rigor ! Even if you are in a container, compiling the BPF probe is very tied to the actual host machine kernel ABI and hence it’s headers. From what I can see it looks like you are missing the kernel headers on your host machine.

If your host machine is an Ubuntu (I’m inferring this from what you posted) you can achieve that by installing them and then retry the build :

sudo apt install linux-headers-$(uname -r)

[2rigor]

@fntlnz thanks a lot! I was already compiling ebfp on this machine. In any case I've run

sudo apt install linux-headers-$(uname -r) as well as sudo apt-get install build-essential llvm clang

BTW, I also found I need to map /lib/modules (not not just /lib/modules/uname -r/build) for the container. The command I run now is: docker run --user $(id -u):$(id -g) -v /etc/passwd:/etc/passwd:ro -e BUILD_BPF=ON -it -v /home/user/src:/source -v /home/user/build/falco:/build -v /lib/modules:/lib/modules -v /usr/src:/usr/src falcosecurity/falco-builder package

It fails (the above command didn't help) at not finding clang.

[fntlnz]

@2rigor i didn’t understand, did it work for you or not ? If it didn’t can you please post the logs ?

[fntlnz]

@2rigor - Good news! So the only missing problem you have is that you can't find clang right? Should we add it to the falco builder? It makes sense to me.

[2rigor]

After adding (mapping) clang, i had some libraries missing. After mapping them, the version of some libraries was too old, so I started to change LD_LIBRARY_PATH, but didn't succeed. I feel I'm doing smth. wrong.. Any ideas?

Do you need logs? I will be able to post them on Sunday

@fntlnz thanks a lot in advance!

[fntlnz]

Yes those would speed up things @2rigor - maybe it’s something we already know!

The builder container is very “complicated” and needs some love to update the tool chains, if we can’t sort this out we could also have one specific for the eBPF probe.

[2rigor]

I wanted to repeat all the steps I did from the very beginning, so I've installed Ubuntu from scratch. Also due to errors I get I add mapping for /lib/modules/ and for /usr/src/ (the latter since /lib/modules/5.3.0-23-generic/build -> /usr/src/linux-headers-5.3.0-23-generic)

This time I installed 19.10 (previously it was 18.04). I executed: sudo apt install build-essential cmake autoconf wget automake patch elfutils libelf-dev pkg-config libtool linux-headers-$(uname -r) llvm clang > cmake_bpf.txt

Then, after cloning falco and sysdig sources to /home/aa/src, I ran: docker run --user $(id -u):$(id -g) -v /etc/passwd:/etc/passwd:ro -it -v /home/aa/src:/source -v /home/aa/build_ebpf/falco:/build -e BUILD_BPF=ON -e HTTP_PROXY=http://194.29.36.43:8080 -e HTTPS_PROXY=http://194.29.36.43:8080 -v /lib/modules/:/lib/modules/ -v /usr/src/:/usr/src falcosecurity/falco-builder package > package_bpf.txt

Attached /etc/os-release content, cmake_bpf.txt and package_bpf.txt. os-release.txt cmake_bpf.txt package_bpf.txt

Here the problem was missing clang. Then I tried to map directories relevant for clang playing with PATH and LD_LIBRARY_PATH - but it did not work..

How can I install clang and then start "package"?

[fntlnz]

I know that @jalseth is working on this on his issue #900 - I've been able to install clang on the bpf builder using the llvm-toolset-7 package but let's wait for @jalseth to submit a PR.

In the meanwhile, since this issue is newer and duplicated let's keep the conversation on #900 and close this.

Thanks @2rigor for all the details, feel free to continue the conversation on #900 - we will certainly need your feedback again once the docker image is updated.

/triage duplicate /close

[poiana]

@fntlnz: Closing this issue.

In response to [this](https://github.com/falcosecurity/falco/issues/931#issuecomment-562100470): >I know that @jalseth is working on this on his issue #900 - I've been able to install clang on the bpf builder using the `llvm-toolset-7` package but let's wait for @jalseth to submit a PR. > >In the meanwhile, since this issue is newer and duplicated let's keep the conversation on #900 and close this. > >Thanks @2rigor for all the details, feel free to continue the conversation on #900 - we will certainly need your feedback again once the docker image is updated. > >/triage duplicate >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.